Mohammed Saber
ABSTRACT
High-speed networks require a high performance intrusion detection systems (IDS), able to process a large amount of data in real time. So, we have to evaluate IDS going to be deployed in such environnement.
In this paper, we present an evaluation approach, based on a series of tests, aiming to measure the performance of the components of an IDS and their effects on the entire system. As well as to study the effect of the characteristics of the deployment environment on the efficiency of the IDS. So, we have implemented the IDS SNORT on machines with different technical characteristics and we have designed a network to generate a set of experiments to measure the performances obtained in the case of a deployment in high-speed networks.
Our experiments have revealed the weaknesses of the IDS in a precise way. Mainly, the inability to process multiple packets and the propensity to deposit, without analysis, packets in high-speed networks with heavy traffic. Our work also determined the effect of a component on the entire system and the effect of hardware characteristics on the performance of an IDS.
- M. Akhlaq, F. Alserhani, I. Awan, J. Mellor, A. J. Cullen, and A. Al-Dhelaan. Implementation and Evaluation of Network Intrusion Detection Systems. Springer Berlin Heidelberg, Berlin, Heidelberg, 2011. Google Scholar
Cross Ref
- E. Albin and N. C. Rowe. A realistic experimental comparison of the suricata and snort intrusion-detection systems. In Proceedings of the 2012 26th International Conference on Advanced Information Networking and Applications Workshops, WAINA '12, pages 122--127, Washington, DC, USA, 2012. IEEE Computer Society. Google ScholarDigital Library
- R. Berthier, W. H. Sanders, and H. Khurana. Intrusion detection for advanced metering infrastructures: Requirements and architectural directions. In 2010 First IEEE International Conference on Smart Grid Communications, pages 350--355, Oct 2010. Google ScholarCross Ref
- M. A. Jamshed, J. Lee, S. Moon, I. Yun, D. Kim, S. Lee, Y. Yi, and K. Park. Kargus: A highly-scalable software-based intrusion detection system. In Proceedings of the 2012 ACM Conference on Computer and Communications Security, CCS '12, pages 317--328, New York, NY, USA, 2012. ACM. Google ScholarDigital Library
- D. Khorkov. Methods for testing network-intrusion detection systems. Scientific and Technical Information Processing, 39(2):120--126, 4 2012.Google ScholarDigital Library
- D. Mudzingwa and R. Agrawal. A study of methodologies used in intrusion detection and prevention systems (idps). In 2012 Proceedings of IEEE Southeastcon, pages 1--6, March 2012.Google ScholarCross Ref
- M. Roesch. Snort - lightweight intrusion detection for networks. In Proceedings of the 13th USENIX Conference on System Administration, LISA '99, pages 229--238, Berkeley, CA, USA, 1999. USENIX Association.Google ScholarDigital Library
- M. Saber, S. Chadli, M. Emharraf, and I. El Farissi. Modeling and Implementation Approach to Evaluate the Intrusion Detection System. Springer International Publishing, Cham, 2015. Google ScholarCross Ref
- M. Saber, S. Chadli, M. Emharraf, and I. E. Farissi. Performance Evaluation of an Intrusion Detection System. Springer International Publishing, Cham, 2016. Google ScholarCross Ref
- F. I. Shiri, B. Shanmugam, and N. B. Idris. A parallel technique for improving the performance of signature-based network intrusion detection system. In 2011 IEEE 3rd International Conference on Communication Software and Networks, pages 692--696, May 2011. Google ScholarCross Ref
- X. Wang, A. Kordas, L. Hu, M. Gaedke, and D. Smith. Administrative evaluation of intrusion detection system. In Proceedings of the 2Nd Annual Conference on Research in Information Technology, RIIT '13, pages 47--52, New York, NY, USA, 2013. ACM. Google ScholarDigital Library
Recommendations
Implementation and evaluation of network intrusion detection systems
Network performance engineeringPerformance evaluation of Network Intrusion Detection Systems (NIDS) has been carried out to identify its limitations in high speed environment. This has been done by employing evasive and avoidance strategies simulating real-life normal and attack ...
A survey and taxonomy of techniques used for alerts of Intrusion Detection Systems
BDIoT '19: Proceedings of the 4th International Conference on Big Data and Internet of ThingsOver the years, Intrusion detection systems IDSs have evolved to handle many types of threats. Nowadays, network security administrators expect IDSs to monitor networks and hosts and identify suspicious activities. IDSs must be configured to recognize ...
Evaluating Intrusion Detection Systems in High Speed Networks
IAS '09: Proceedings of the 2009 Fifth International Conference on Information Assurance and Security - Volume 02The recent era has witnessed tremendous increase in the usage of computer network applications. Users of any type and requirement are compelled to be on a network. Today, the computer has become a network machine rather than a standalone system. This ...
Comments